Computer Viruses and Other Malicious Software: A Threat to the Internet Economy

Spurred by the prevalence of always-on, high-speed connections, the Internet has become a powerful tool for enhancing innovation and productivity. The increasing dependence on the Internet and other communication networks, however, means the Internet has also become a popular and efficient way to spread computer viruses and other types of malicious software (malware).

"Viruses", "worms" and "zombies" might sound like science fiction, but they are in fact the reality presented by the spread of malware. The power and threat of malware are that it can infiltrate, manipulate or damage individual computers, as well as entire electronic information networks, without users knowing anything is amiss. All of this has brought the electronic world to an important juncture.

Malware attacks are increasing in both frequency and sophistication, thus posing a serious threat to the Internet economy and to national security. Concurrently, efforts to fight malware are not up to the task of addressing this growing global threat; malware response and mitigation efforts are essentially fragmented, local and mainly reactive.

A wide range of communities and actors – from policy makers to Internet Service Providers to end users – all play a role in combating malware. But there is still limited knowledge, understanding, organisation and delineation of the roles and responsibilities of each of these actors. Improvements can be made in many areas, and international co-operation would benefit greatly in areas such as: proactive prevention (education, guidelines and standards, research and development); improved legal frameworks; stronger law enforcement; improved tech industry practices; and better alignment of economic incentives with societal benefits.

This book is a first step toward addressing the threat of malware in a comprehensive, global manner. It has three major aims:

to inform policy makers about malware -- its growth, evolution and countermeasures to combat it;

to present new research into the economic incentives driving cyber-security decisions; and

to make specific suggestions on how the international community can better work together to address the problem.

It was developed by the OECD in partnership with the Asia Pacific Economic Co-operation Telecommunication and Information Working Group (APEC TEL).

Table of contents

Executive Summary

Background

Part I. The Scope of Malware

Chapter 1. An Overview of MalwareWhat is malware? | How does malware work? | Malware on mobile devices | The malware Internet: botnets | What are botnets used for? | Botnets command and control (C&C) models | Botnet figures | Botnets and broadband | Spam and botnets | The role of blacklists in combating botnets